Sparkle

Improperly signed update

Asked by ethomaz

It looks like I am just another person having problems with keys and signatures with regards to Sparkle. I would really appreciate some help. It's really frustrating.

I've repeated the steps multiple times, without success. I created the public/private keys using the generate_keys.rb script. I included the dsa_pub.pem file in the Resources section of my project. I see that it's there once I build the app. I code signed the app for Mac OS X and zipped it. Finally, I ran the sign_update.rb script on the zipped file with the private key and pasted the generated signature into my appcast xml file, which looks like this:

<item>
<title>Version 3.0.2</title>
       <sparkle:releaseNotesLink>
  http://www.slifelabs.com/slife/downloads/apps/mac_version_control/rnotes-3.0.2.html
 </sparkle:releaseNotesLink>
        <pubDate>Tue, 28 Jul 2009 13:45:00 +0000</pubDate>
        <enclosure url="http://www.slifelabs.com/slife/downloads/apps/v3/slife-mac-v3.0.2.zip" sparkle:version="3.0.2" sparkle:dsaSignature="MCwCFGLw/68quTR7GP6Cs3uXWvGTKOfaAhRe/mogk4zWAYg0Ia0K8iUokWpI/g==" length="600000" type="application/octet-stream" />
</item>

The appcast is at: http://www.slifelabs.com/slife/downloads/apps/mac_version_control/Slife-Mac-30-Appcast.xml

Any help would be appreciated. BTW, the introduction of this security check is good, but I wish I could turn it off. I've spent numerous hours on this problem and it's getting to the point that it's not worth having the signature check, if that means spending all this time. (even though I might be doing some silly, easy to fix and get this working).

Question information

Language:
English Edit question
Status:
Answered
For:
Sparkle Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Hofman (cmhofman) said : 		#1

Actually, your app verifies and updates correctly for me, also explicitly verifying the signature goves no problem. So probably something else goes wrong, perhaps it's your test setup that does not work. So what actually fails?

Revision history for this message
ethomaz (ethomaz) said : 		#2

The only error message I get is at the end of the install, the
"improperly unsigned update" message dialog that pops up.
Unfortunately I've received support email from customers saying that
auto-update didn't work for them, so the problem exists beyond my
setup. At one point I did check and it did seem to work - that's why I
released it in the first place.

If you have verified the signing and it's ok, is there anything that
could bring up the "improperly unsigned" dialog as well?

I am not sure if the previous version of my app is using another
version of Sparkle, and that could be a problem. In any case, we are
talking about a few months only - not years or anything like that.

Thanks for looking into this. I appreciate your help.

On Jul 30, 2009, at 7:08 PM, Hofman wrote:

> Your question #78600 on Sparkle changed:
> https://answers.launchpad.net/sparkle/+question/78600
>
> Status: Open => Needs information
>
> Hofman requested for more information:
> Actually, your app verifies and updates correctly for me, also
> explicitly verifying the signature goves no problem. So probably
> something else goes wrong, perhaps it's your test setup that does not
> work. So what actually fails?
>
> --
> To answer this request for more information, you can either reply to
> this email or enter your reply at the following page:
> https://answers.launchpad.net/sparkle/+question/78600
>
> You received this question notification because you are a direct
> subscriber of the question.

Revision history for this message
Hofman (cmhofman) said : 		#3

Are you sure the older app has the correct (same) public key? That's the only thing I can think of. Have you actually tested with the old app version (the same that reports problems)?

Revision history for this message
ethomaz (ethomaz) said : 		#4

Maybe that's what the problem is. The older app doesn't have a key. We
weren't using signatures before but are now. It looks like we don't
have choice with the new Sparkle release, correct?

-et

On Jul 31, 2009, at 10:48 AM, Hofman wrote:

> Your question #78600 on Sparkle changed:
> https://answers.launchpad.net/sparkle/+question/78600
>
> Status: Open => Answered
>
> Hofman proposed the following answer:
> Are you sure the older app has the correct (same) public key? That's
> the
> only thing I can think of. Have you actually tested with the old app
> version (the same that reports problems)?
>
> --
> If this answers your question, please go to the following page to
> let us
> know that it is solved:
> https://answers.launchpad.net/sparkle/+question/78600/+confirm?answer_id=2
>
> If you still need help, you can reply to this email or go to the
> following page to enter your feedback:
> https://answers.launchpad.net/sparkle/+question/78600
>
> You received this question notification because you are a direct
> subscriber of the question.

Revision history for this message
Andy Matuschak (andymatuschak) said : 		#5

That's right. Okay, so don't sign the first update with 1.5b6, but make sure that version has the public key in it. Then sign all subsequent updates.

Revision history for this message
ethomaz (ethomaz) said : 		#6

Great. Mistery solved. I appreciate your help. Thanks!

-et

On Aug 3, 2009, at 5:33 PM, Andy Matuschak wrote:

> Your question #78600 on Sparkle changed:
> https://answers.edge.launchpad.net/sparkle/+question/78600
>
> Status: Open => Answered
>
> Andy Matuschak proposed the following answer:
> That's right. Okay, so don't sign the first update with 1.5b6, but
> make
> sure that version has the public key in it. Then sign all subsequent
> updates.
>
> --
> If this answers your question, please go to the following page to
> let us
> know that it is solved:
> https://answers.edge.launchpad.net/sparkle/+question/78600/+confirm?answer_id=4
>
> If you still need help, you can reply to this email or go to the
> following page to enter your feedback:
> https://answers.edge.launchpad.net/sparkle/+question/78600
>
> You received this question notification because you are a direct
> subscriber of the question.

Revision history for this message
Hofman (cmhofman) said : 		#7

That's correct. If the old version does not have a key, but it's using 1.5b6, it won't be able to update. Unfortunately there's no workaround, because your users already have the broken app. Perhaps the best thing to do is to mention something to this effect in your release notes linked or included in your appcast, and possibly link to a manual download page.

Can you help with this problem?

Provide an answer of your own, or ask ethomaz for more information if necessary.

To post a message you must log in.